From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mbroz@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28])
 by mail.saout.de (Postfix) with ESMTP
 for <dm-crypt@saout.de>; Thu, 16 Dec 2010 20:11:27 +0100 (CET)
Received: from int-mx02.intmail.prod.int.phx2.redhat.com
 (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12])
 by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id oBGJBQLp032247
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK)
 for <dm-crypt@saout.de>; Thu, 16 Dec 2010 14:11:26 -0500
Received: from [10.36.10.76] (vpn2-10-76.ams2.redhat.com [10.36.10.76])
 by int-mx02.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id
 oBGJBOn4005935
 for <dm-crypt@saout.de>; Thu, 16 Dec 2010 14:11:25 -0500
Message-ID: <4D0A645C.7070908@redhat.com>
Date: Thu, 16 Dec 2010 20:11:24 +0100
From: Milan Broz <mbroz@redhat.com>
MIME-Version: 1.0
References: <1161837945.960861292524024535.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
In-Reply-To: <1161837945.960861292524024535.JavaMail.root@zmail07.collab.prod.int.phx2.redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Security of cloned disks (with changed passphrases)
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
 <mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

On 12/16/2010 07:27 PM, Matthew Mosesohn wrote:
> I am wondering if I perform this setup (cryptsetup version 1.1.2),
> how much risk do I expose my systems to?
> 
> Step 1: Create a base install that is encrypted with a fixed
> passphrase Step 2: Create a disk image of this installed system Step
> 3: Deploy image on N number of other systems Step 4: Change the
> passphrase on all deployed systems
> 
> What happens if the passphrase becomes compromised on one of these
> systems?  Can that person gain the original LUKS AES key to the disk
> and therefore obtain a way to break into all of the other systems?

Yes, cloning the whole device including LUKS header and changing just
the passphrase keeps the same volume key exposes all system to risk.

Everyone with any passphrase to any system can decrypt volume key
and get access to all cloned systems.

Moreover, everyone can check which sectors changed even without
any passphrase knowledge as a bonus (just check which sectors changed).

The proper way is create new LUKS header (with new passphrase
and volume key) and clone _content_ (plaintext device) of encrypted disk.

Still if you know origin disc content you are in better position
that when you know nothing about the disc but this problem can be
probably ignored in most use cases (secure stolen laptop etc)

Milan